#!/bin/sh
#
# @license   http://www.gnu.org/licenses/gpl.html GPL Version 3
# @author    Ian Moore <imooreyahoo@gmail.com>
# @copyright Copyright (c) 2011 Ian Moore
#
# This file is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# any later version.
#
# This file is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this file. If not, see <http://www.gnu.org/licenses/>.

set -e

. /etc/default/openmediavault
. /usr/share/openmediavault/scripts/helper-functions


# Target file; it is rewritten from scratch on every run of this script.
OPENVPN_CONFIG="/etc/openvpn/omv.conf"

# Service switch: anything other than "1" disables the init script and stops
# here, leaving an existing config file untouched.
case "$(omv_config_get "//services/openvpn/enable")" in
1) ;;
*)
	update-rc.d openvpn disable
	exit 0
	;;
esac

# Read a comma-separated setting and print one item per line, so that the
# result can be word-split by the loops further down.
# $1 - XPath of the setting.
# NOTE(review): \s and \n in the sed expression are GNU sed extensions.
# NOTE(review): without pipefail the pipeline status is sed's, so a failing
# omv_config_get is not caught by `set -e` here.
openvpn_cfg_list() {
	omv_config_get "$1" | sed -e 's/\s*,\s*/\n/g'
}

DNS=$(openvpn_cfg_list "//services/openvpn/dns")
WINS=$(openvpn_cfg_list "//services/openvpn/wins")
DNSDOMAINS=$(openvpn_cfg_list "//services/openvpn/dns-domains")

# Directory holding the CA certificate, server certificate/key, DH parameters
# and CRL referenced by the generated config.
# NOTE(review): the value is used as-is as a path prefix; no validation is
# visible here, so it is only as trustworthy as the OMV configuration store.
KEYDIR=$(omv_config_get "//services/openvpn/keydir")

# Create openvpn config file.
#
# This first write truncates ${OPENVPN_CONFIG} (">"); the sections further
# down append to it. The here-document delimiter is unquoted, so every
# $(omv_config_get ...) and ${KEYDIR} below is expanded while the file is
# written and the result is inserted verbatim.
#
# NOTE(review): a command substitution that fails inside the here-document
# does not trip `set -e` (only cat's status counts), so a failed lookup leaves
# a directive such as "port" or "proto" with an empty value.
# NOTE(review): "dh1024.pem" suggests 1024-bit Diffie-Hellman parameters,
# which are below current recommendations; confirm against the key-generation
# step and prefer 2048 bits or more.
# NOTE(review): "script-security 3" is the level that lets OpenVPN pass
# passwords to scripts through the environment; it is what the optional
# "auth-user-pass-verify ... via-env" line written later relies on.
# NOTE(review): no "user"/"group" directive is written here, although the
# persist-* comment copied from the sample config mentions a privilege
# downgrade. Unless one is supplied through the extra options, the daemon and
# the nat.sh / vpnpwauth.sh hooks keep the privileges OpenVPN was started
# with - confirm this is intended.
# NOTE(review): nat.sh and omv-ipp.txt are relative names; where they resolve
# depends on the working directory OpenVPN is started in - confirm.
cat <<EOF > ${OPENVPN_CONFIG}
##################################
# Sample OpenVPN 2.0 config file #
# automatically generated by OMV #
##################################

port $(omv_config_get "//services/openvpn/port")
proto $(omv_config_get "//services/openvpn/protocol")
dev tun

ca ${KEYDIR}/ca.crt
cert ${KEYDIR}/server.crt
key ${KEYDIR}/server.key
dh ${KEYDIR}/dh1024.pem
crl-verify ${KEYDIR}/crl.pem

script-security 3

# Nat setup scripts
up nat.sh
down nat.sh

server $(omv_config_get "//services/openvpn/vpn-network") $(omv_config_get "//services/openvpn/vpn-mask")

# Maintain a record of client <-> virtual IP address
# associations in this file.  If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist omv-ipp.txt


keepalive 10 120

# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun

status /var/log/omvvpn-status.log 5

# Logging verbosity
verb $(omv_config_get "//services/openvpn/loglevel")

# Silence repeating messages.  At most 20
# sequential messages of the same message
# category will be output to the log.
mute 10

# ROUTING
##############
EOF

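# Routing section: tell connecting clients which traffic to send through the
# VPN.
#
# vpn-route is either the literal "all" (redirect the client's default
# gateway) or a string whose 1st and 3rd whitespace-separated fields are used
# as network address and netmask (presumably "NETWORK / MASK" - confirm
# against the code that stores this setting).
ROUTE=$(omv_config_get "//services/openvpn/vpn-route")
if [ "${ROUTE}" = "all" ]; then
	echo "push \"redirect-gateway def1 bypass-dhcp\"" >>"${OPENVPN_CONFIG}"
else
	IP=$(printf '%s\n' "${ROUTE}" | awk '{ print $1 }')
	MASK=$(printf '%s\n' "${ROUTE}" | awk '{ print $3 }')

	# Both values are written inside a double-quoted push directive. An empty
	# or malformed setting used to produce a broken line such as
	# 'push "route  "', and a stray quote or line break would have changed the
	# meaning of the generated file, so only plain address/host characters
	# are accepted.
	ROUTE_OK=1
	if [ -z "${IP}" ] || [ -z "${MASK}" ]; then
		ROUTE_OK=0
	fi
	case "${IP}${MASK}" in
	*[!0-9A-Za-z.:_-]*)
		ROUTE_OK=0
		;;
	esac

	if [ "${ROUTE_OK}" = "1" ]; then
		printf 'push "route %s %s"\n' "${IP}" "${MASK}" >>"${OPENVPN_CONFIG}"
	else
		# Keep going without a pushed route rather than writing a directive
		# OpenVPN or its clients cannot parse.
		echo "openvpn: ignoring invalid vpn-route setting, no route pushed" >&2
	fi
fi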

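# DNS / WINS section: one pushed dhcp-option line per configured server or
# search domain. DNS, DNSDOMAINS and WINS hold one item per line and are
# word-split on purpose.
printf '\n%s\n%s\n' '# DNS / WINS ' '#############' >>"${OPENVPN_CONFIG}"

# Append 'push "dhcp-option TYPE VALUE"' for every VALUE given.
# $1   - option type (DNS, DOMAIN or WINS)
# $2.. - values, one directive each
# printf '%s' is used so that backslashes in a value are written literally
# instead of being interpreted by echo.
# NOTE(review): values are not validated; a double quote inside one would end
# the quoted push string early. Validate at the point where the settings are
# stored if that is not already done.
openvpn_push_dhcp_options() {
	dhcp_option_type=$1
	shift
	for dhcp_option_value in "$@"; do
		printf 'push "dhcp-option %s %s"\n' \
			"${dhcp_option_type}" "${dhcp_option_value}" >>"${OPENVPN_CONFIG}"
	done
}

# The lists must be split into words, but an item such as "*" must not be
# expanded against file names in the current directory, so pathname expansion
# is switched off while the unquoted variables are expanded.
set -f
openvpn_push_dhcp_options DNS ${DNS}
openvpn_push_dhcp_options DOMAIN ${DNSDOMAINS}
openvpn_push_dhcp_options WINS ${WINS}
set +f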

# MISC section: optional directives taken straight from the OMV config XML.
#
# xmlstarlet prints, for the //services/openvpn node:
#   - "client-to-client" when client-to-client is not 0
#   - "auth-user-pass-verify vpnpwauth.sh via-env" when auth is not 0
#   - "comp-lzo" when compression is not 0
#   - the extraoptions text, after a marker comment
# and the second xmlstarlet call unescapes XML entities in that output.
#
# NOTE(review): "via-env" hands the client's username and password to
# vpnpwauth.sh through environment variables, which is why the generated
# config sets script-security 3.
# NOTE(review): extraoptions is copied verbatim, so whoever can change that
# setting can add any OpenVPN directive, including script hooks. Treat write
# access to the OMV configuration as equivalent to control of this server.
# NOTE(review): without pipefail a failure of the first xmlstarlet call is
# masked by the exit status of "xmlstarlet unesc".
{
	printf '\n# MISC\n#############\n'
	xmlstarlet sel -t -m "//services/openvpn" \
		-i "client-to-client != 0" -o "client-to-client" -n -b \
		-i "auth != 0" -o "auth-user-pass-verify vpnpwauth.sh via-env" -n -b \
		-i "compression != 0" -o "comp-lzo" -n -b \
		-n -o "# User defined extra options" -n -v "extraoptions" -n \
		${OMV_CONFIG_FILE} | xmlstarlet unesc
} >> ${OPENVPN_CONFIG}

# Re-enable the init script (it may have been disabled by an earlier run with
# the service switched off) and make sure its default runlevel links exist.
update-rc.d openvpn enable
update-rc.d openvpn defaults
